To print: Select File and then Print from your browser's menu.
-----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

Appeared on: Tuesday, August 30, 2011
Facebook Updates Its Bug Bounty Program

Facebook has started paying rewards to security experts who report bugs related to the popular social networking web site to the company.

The bug bounty program aims to encourage security researchers to help harden Facebook against attack.

The program is part of Facebook's effort to recognize and reward these individuals for their good work and encourage others experts to join.

Facebook said that the program has already paid out more than $40,000 in only three weeks and one person has already received more than $7,000 for six different issues flagged.

The minimum amount paid for a bug is $500, said Facebook chief security officer Joe Sullivan, up to a maximum of $5000 for the most serious loopholes. The maximum bounty has already been paid once, he said.

The program has also made Facebook more secure--by surfacing issues large and small, introducing Facebook's software engineers to novel attack vectors, and helping them improve lots of corners in their code.

Facebook's fans have also asked the company to extend the bounty program to the Facebook Platform (the applications and websites built and run by third parties that you can connect to your Facebook identity). However, that's not practical because of the hundreds of thousands of independent Internet services implicated, Facebook said.